Why can't I connect externally to VPN on one network, but I can with two others?

Hi,
*WORKS* I have set up a VPN server on a Windows 2003 server (std) by following the RRAS wizard, allowing access for a user, and then forwarding port (on the router) 1723 TCP to the server's internal IP. It works just fine. This has one network port and the router is a Linksys. It has both port-forwarding of 1723 to the server and PPTP passthrough enabled.

*WORKS* I did this same thing on another WIndows 2003 server SBS netowork and it works also. This one has one network port and a Microsoft MN-700 router. It has port forwarding enabled for 1723 TCP to the server. (PPTP pass-through is not mentioned in the config screens)

*DOES NOT WORK!* I tried the same thing on a another Windows SBS 2003 server (a third network) and I can not connect. It gets to "Verifying username and password" then says "error 721. the remote computer did not respond". This server also has one network port and has a D-Link DI-614+ router. I tried both TCP 1723 and UDP 500 forwarding to the server.

Thanks for your help.
jmolhavaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tigermattCommented:
The 721 error can be caused if you haven't forwarded the GRE protocol (also known as protocol 47) in your router through to the server's IP address. This, as far as I'm aware, handles the authentication for the PPTP VPN, so needs to be forwarded. However, don't get protocol 47 confused with TCP port 47, forwarding that won't do anything. On some routers, it would be enabled by enabling PPTP passthrough, so it could be the D-link router just isn't capable of it.

However, another possibility could be that it is blocked at the ISP, but if your machine manages to find the server and only fails on the verifying username and password stage, it is likely to be the GRE protocol 47 issue.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tigermattCommented:
However (with reference to my previous post) it does say here http://www.dlink.com.sg/products/?pid=20 that it is capable of concurrent PPTP VPN connections. Perhaps there's a check box somewhere to tick to allow PPTP passthrough? If not, just try and see if GRE protocol 47 can be forwarded in the NAT port forwarding settings.
0
jmolhavaAuthor Commented:
I looked into the info you mentioned and also the D-Link page. It's also good to know what the GRE 47 actually does... never really knew other than it was needed.
From the D-Link page: They seem to have a specific way to enable the GRE protocol (just not as obvious as on the other two routers). I will try it later today and post back with the results.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

jmolhavaAuthor Commented:
OK that did it. It works now. Thanks for the tip off with GRE and the router settings. I guess every router kinda has their own way to do it.

0
jmolhavaAuthor Commented:
One more thought in case anyone else has this same router:
D-Link DI-614+
See the knowledge base on their website and look at the PPTP VPN connection instructions. The GRE entry will show up only if you add the PPTP 1723 entry in 'Virtual Server'. I also had to reset the router in order for it to take effect (apply was not enough).

http://support.dlink.com/SupportFAQ/default.asp?model=DI%2D614%2B
0
tigermattCommented:
That's often the case - the less advanced routers are probably preconfigured to do it for you. At least it works now!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.